i hate for my first post to be a problem, but after 2 weeks of googleing, here goes:
important info:
µTorrent 1.6.1 build 490
Desktop: Linux Mint 4 (ubuntu gusty) - WINE 1.0.0
Lappy: Linux Mint 5 (ubuntu hardy) - WINE 1.1.0
i have checked that the SSL library's are installed, but i'm not sure what to do past there if i need to do something to make them work with WINE
my issue is:
whenever i try to connect to a torrent sites tracker via HTTPS instead of HTTP, i get a "HTTP Reply 0" error. this is on both of my computers with 1.6.1 and whatever the newest version of utorrent was as of last week. i can change from https:// to http:// again aind it will announce and grab peers fine.
the only problem is, due to a new legislation inside of sweden- people there want all incoming traffic to be encrypted.
i am at a loss, a few people have described the problem and so far the ONLY known resolution has been to swap to another linux native bittorrent client like rtorrent.
if anyone can think of a resolution, or some things i can try-- i will be more than happy to do a guide on how to do it for other people if i find a resolution.
µTorrent + SSL tracker connections = HTTP Reply 0
-
jamesholden
- Newbie
- Posts: 4
- Joined: Thu Jul 10, 2008 6:27 pm
-
jamesholden
- Newbie
- Posts: 4
- Joined: Thu Jul 10, 2008 6:27 pm
with some more looking, i was guided https://bugs.launchpad.net/ubuntu/+sour ... bug/178191 which i assume doesn't affect me (32bit, 1.0+)
inside win32 firefox, i can access https websites
inside win32 firefox, i can access https websites
-
jamesholden
- Newbie
- Posts: 4
- Joined: Thu Jul 10, 2008 6:27 pm
SOLUTION for the issue
Thanks to jamesholden for the suggestion that nudged me in the right direction to resolve this issue.
The "HTTP Reply 0" error results from the server certificate chain not being recognized as valid by OpenSSL. This may be due to the cert being self-signed, a server name/URL mis-match, or any number of other issues.
Certs are expensive and some server owners can't afford the a commercially signed cert. This doesn't invalidate the cert, it just means that it's not accepted by OpenSSL for the purposes of authentication, because the identity of the certificate holder is not verified. Cryptographically such a cert is still secure, you just might want to think twice before handing over credit card info or similar to a server with such a certificate.
On to the fix.
First you need to get a copy of the SSL cert for the tracker you're having the problem with. You can do this by using the 'openssl' command at the CLI on your box:
Type 'quit' followed by <enter> to exit the openssl program.
'server_cert.crt' will have more than just the cert, since the whole web page is downloaded. The part you want looks like this:
-----BEGIN CERTIFICATE-----
bunch of cryto code...
-----END CERTIFICATE-----
Go to where your distro stores cert files. Here are common locations:
There should be another directory with your cert files, most likely named "certs". Back up your existing ca-certificates.crt file:
Now, edit ca-certificates.crt (use sudo) and add the cert you downloaded to the bottom of the file. Paste in the whole certificate, which includes the "BEGIN" and "END" lines.
Restart wine and utorrent. You should now see "working" rather than "HTTP Reply 0".
=RT=
p.s. Not sure how applicable this is to Mac OS X, I'll look into that as well and report back, since my workstation is a Mac.
Edit: added clarification about the certs path.
The "HTTP Reply 0" error results from the server certificate chain not being recognized as valid by OpenSSL. This may be due to the cert being self-signed, a server name/URL mis-match, or any number of other issues.
Certs are expensive and some server owners can't afford the a commercially signed cert. This doesn't invalidate the cert, it just means that it's not accepted by OpenSSL for the purposes of authentication, because the identity of the certificate holder is not verified. Cryptographically such a cert is still secure, you just might want to think twice before handing over credit card info or similar to a server with such a certificate.
On to the fix.
First you need to get a copy of the SSL cert for the tracker you're having the problem with. You can do this by using the 'openssl' command at the CLI on your box:
Code: Select all
openssl s_client -connect servername:443 > server_cert.crt'server_cert.crt' will have more than just the cert, since the whole web page is downloaded. The part you want looks like this:
-----BEGIN CERTIFICATE-----
bunch of cryto code...
-----END CERTIFICATE-----
Go to where your distro stores cert files. Here are common locations:
Code: Select all
AIX, OpenSSL 0.9.6 (from OpenSSH support packages) /var/ssl/
Centos 3 / 4, OpenSSL 0.9.7 /usr/share/ssl/
Cygwin, OpenSSL 0.9.6 /usr/ssl/
Debian Woody, OpenSSL 0.9.6 /etc/ssl/
Debian Sarge, OpenSSL 0.9.7 /etc/ssl/
Debian Etch, OpenSSL 0.9.8 /etc/ssl/
FreeBSD, OpenSSL 0.9.x /usr/local/openssl/
Gentoo, OpenSSL 0.9.6 /usr/lib/ssl/
Gentoo, OpenSSL 0.9.7 /etc/ssl/
Mac OS X 10.1.2, OpenSSL 0.9.6b /System/Library/OpenSSL/
Mandrake 7.1 -> 8.2, OpenSSL 0.9.6 /usr/lib/ssl/
NetBSD, OpenSSL 0.9.x /etc/openssl/
Normal OpenSSL Tarball Build, OpenSSL 0.9.6 /usr/local/ssl/
OpenBSD, OpenSSL 0.9.x /etc/ssl/
Redhat 6.2 / 7.x / 8.0 / 9, OpenSSL 0.9.6 /usr/share/ssl/
Redhat Enterprise 3 / 4, OpenSSL 0.9.7 /usr/share/ssl/
Redhat Fedora Core 2 / 3, OpenSSL 0.9.7 /usr/share/ssl/
Redhat Fedora Core 4, OpenSSL 0.9.7 /etc/pki/tls/
Redhat Fedora Core 5 / 6, OpenSSL 0.9.8 /etc/pki/tls/
Slackware, OpenSSL 0.9.6 /etc/ssl/
SuSE 7.3 / 8.0, OpenSSL 0.9.6 /usr/share/ssl/
SuSE 8.1 / 8.2, OpenSSL 0.9.6 /etc/ssl/
Ubuntu Hardy, OpenSSL 0.9.8g /etc/sslCode: Select all
sudo cp ca-certificates.crt orig.ca-certificates.crtRestart wine and utorrent. You should now see "working" rather than "HTTP Reply 0".
=RT=
p.s. Not sure how applicable this is to Mac OS X, I'll look into that as well and report back, since my workstation is a Mac.
Edit: added clarification about the certs path.
